The FBI has published a TLP:WHITE Private Industry Notification (PIN) warning that ransomware attacks are straining local U.S. governments and public services. The FBI has been tracking cyber actors conducting ransomware attacks on local government agencies that have resulted in disrupted operational services, risks to public safety, and financial losses. Based on victim incident reporting, the Government Facilities Sector (GSF) was the second highest victimized sector of ransomware attacks, between January and December 2021.

Local U.S. government victims, throughout 2021, primarily consisted of smaller counties and municipalities, likely due to their constraints related to cybersecurity resources and budget limitations. Media and other reports indicate that ransomware attacks targeting local governments led to disruptions to public and health services, emergency and safety operations, and the compromise of personal data. The PIN provides specific examples of ransomware incidents affecting local government operations in the U.S. over the past year. According to the PIN, “The top three initial infection vectors in 2021 were phishing emails, remote desktop protocol exploitation, and software vulnerability exploitation.” Additionally, the PIN provides a thorough list of recommend actions for local governments to implement now to increase their security posture, including keeping all operating systems and software up to date. The FBI encourages partners to report suspicious or criminal activity to their local FBI field office or the FBI’s 24/7 CyberWatch (CyWatch) at (855)292-3937 or CyWatch@fbi.gov.

Access the Full PIN Below